Skip to main content
NetApp Knowledge Base

Cannot delete expiring KMIP client certificate in ONTAP to install new certificate

Views:
348
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9.5
  • ONTAP 9.6

Issue

  • User wants to delete expiring KMIP client certificate and install a new one.
  • Deleting current KMIP client certificate fails with the following error:
    ::*>security certificate delete -vserver vs1 -common-name prod1 -ca "cert1" -type client -serial xxxxxxxxxxxxxxxxxxxxx

    Error: command failed on vserver "vs1" common-name "prod1" ca "cert1" type "client" subtype "kmip-cert": The certificate could not be removed due to the following conflicts:

    Cannot remove certificate with subtype "kmip-cert" while external keymanager is configured.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device